EJISDC (2011) 47, 3, 1-13

ADOPTION OF E-COMMERCE IN JORDAN: UNDERSTANDING THE SECURITY CHALLENGE

Mohanad Halaweh College of Information Technology, University of Dubai, P.O. Box 14143, Dubai, UAE E-mail: mhalaweh@ud.ac.ae

ABSTRACT Security is a consistent barrier to the adoption and implementation of e-commerce for customers and organisations. Prior research into the adoption of e-commerce and Internet banking has reported many other challenges and barriers that hinder the acceptance and engagement in e-commerce transactions. However, few research studies have attempted to address each challenge separately in depth, in the hope of solving the difficulties, making improvements and obtaining insight into each factor/challenge, which will ultimately enhance the adoption of e-commerce. Therefore, the aim of this paper is to focus on the security challenges by exploring the nature of this factor from both a customer and organisational perspective within Jordan. An interpretive-qualitative research was adopted in this research, which helps to understand the phenomenon in its natural setting. The results of this research provide decision makers (businesses and IT managers) and companies that run an online business in Jordan insights into the current situation of this factor (security), which will enable them to implement effective strategies to address this factor. Keywords: E-commerce adoption, security perception, Jordan 1. INTRODUCTION Security is a consistent barrier to the adoption and implementation of e-commerce for customers and organisations (Hawkins et al., 2000; Antn & Earp, 2000; Daskapan, 2001; Kesh et al., 2002; Labuschagnce & Eloff, 2002; Jarupunpho & Mitchel, 2002; Albuquerque & Belchior, 2002; Suh & Han, 2003; Katsikas et al., 2005, Allahawiah et al. 2010). Within Arab countries, according to Aladwani (2003), Internet security was ranked the first concern for customers and business managers with respect to e-commerce usage. Most of the existing research that has been conducted in Jordan confirms the security concerns in e-commerce and Internet banking, but without exploring the issue in depth (Sahawneh, 2003; Alsmadi, 2004; Al-Sukkar, 2005; Titi, 2005; Siam, 2006; Al-Qirim, 2007; Allahawiah et al. 2010). This barrier (i.e. security) makes Jordanian organisations and customers alike hesitant to participate in e-commerce, thus restricting the growth of e-commerce. Very little research has addressed the security issue in Jordan from customer and organisational perspectives; a field in which there is a current lack of empirical research. As the target of this investigation is Jordan, it can be said that Jordan has made valuable progress in the ICT sector, but in regard to e-commerce, adoption and growth are still hindered by factors which notably include security. Therefore, once sufficient security is provided and perceived to be in place, the adoption of e-commerce should improve. In Jordan, no previous research has considered e-commerce security from both the customer and organisational perspectives. This research investigates the adoption of e-commerce from a security viewpoint, because it is an important and consistently influential factor in its success. The remaining of this paper is organized as follows: the next section provides background information about Jordan. Section 3 outlines its recent development of
The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

Information and Communication Technology (ICT) and of e-commerce. Section 4 reviews the key e-commerce research previously carried out in Jordan, Section 5 presents the research methodology and Section 6 presents the key issues emerged from the empirical results. Section 7 provides discussion and Section 8 provides a conclusion and future research. 2. GENERAL INFORMATION ABOUT JORDAN The Hashemite Kingdom of Jordan is situated in the Middle East and has a population of 6 million, 91% of whom are literate1. Jordan has been ranked 57th of 122 on the Network Readiness Index in the Global Information Technology report 2006-20072. This assessment is based on a composite of three components: the environment for ICT offered by a given country, the readiness of the communitys key stakeholders (individuals, businesses and governments) to use ICT and the usage of ICT amongst these stakeholders. Jordan is mentioned in the Guinness Book of World Records (GBWR, 2001)3 as having the highest number of Internet cafs located in a small region, the city of Irbid. One street, which is 500 metres long, has more than 200 Internet cafs, which indicates a strong trend toward the increased usage of the Internet. This also shows the eagerness of people to utilise Internet services, and indicates that investment in technology and Internet cafs is worthwhile, as the demand is high. 3. ICT DEVELOPMENT IN JORDAN As reported by McConnell International, LLC (2002)4, with regard to e-readiness Jordans eleadership is rated medium to high compared to other countries in the world. According to this report, many conditions are present for the conduct of e-government and ebusiness. Eleadership, in this context, refers to the scope and nature of government and organisations effort to promote the networked world within the country and to promote the country as a regional or global centre in the networked world. Promoting ICT in Jordan has received support from his Majesty King Abdullah II, from government ministers and from business leaders, who have worked to set goals and strategies for the adoption of ICT in Jordan. His Majesty perceives ICT as the greatest potential to Jordans future success and growth. In 2000 the government of Jordan made ICT a national priority. This decision was translated into what is known as the REACH initiative, supported by both public and private sectors, whose goal is to develop a vibrant, export-oriented, and internationally competitive ICT sector that can successfully attract investment and generate high value jobs5. The REACH initiative was devised by the Information Technology Association of Jordan (INTAJ) and supported by the Ministry of ICT to develop the IT sector in Jordan, with a mission to promote and advance the Jordanian software and IT service industry in the global market. Intaj has grown from 53 organisations in 2000 to over 143 in mid-2006. Members of this association include companies working in Jordan in the fields of software development, support and application; telecommunications companies, value added assembly organisations and companies that distribute ICT products and services6. The Ministry of ICT initiated an e-government program in September 2000. The aim of this program is to enable businesses and citizens to obtain better (i.e. faster, more accessible, and less costly) services, to increase the government performance and efficiency,

1 2

www.infoplease.com/ipa/A0107670.html www.weforum.org/pdf/gitr/rankings2007.pdf 3 http://www.openarab.net/en/node/349 4 http://www.mcconnellinternational.com 5 www.intaj.net 6 www.intaj.net

The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

and to ensure transparency in government procedures and processes7. This initiative is still in progress. So far, the Jordanian government has 95% of its ministries online, all of these with full information about services, the ability to download forms and applications, and the ability to communicate with citizens and businesses via email (i.e. publishing stage). However, online governmental transactions (i.e. the transactional stage of e-government) to making secure payments for a service and tax, has not yet been achieved (Elsheikh et al., 2008). The application of ICT in Jordanian business, industry, schools, universities, government departments and households is clearly occurred (Sahawneh, 2003). An e-learning initiative was begun in 2002 and has been implemented and supervised by the Ministry of Education and the Ministry of Higher Education and Scientific Research. The initiative comprises two tracks: e-education in schools and e-education at university level. In schools, the programme aims to introduce IT courses within the curriculum and to facilitate the required infrastructure. As a result, computers and the Internet are used in schools and have been connected through the schools network. In addition, IT, e-commerce and programming language courses are now taught in secondary schools. Another development of ICT at the schools level is the EDUWAVE project, which has been deployed in schools to provide access to an e-portal for students, teachers and parents. This allows access to student data, all courses and grades via a central webpage8. At the tertiary level, all public universities have completed their fibre-based campus networks. Distance learning activities have been initiated among some universities9 and some have recently set up wireless networks. There are 20 universities in Jordan offering degrees in IT subjects and more than 15 colleges preparing students to work in the IT sector. Ecommerce courses also are taught in universities. Computer and Internet skills courses and one programming language are compulsory in Jordanian universities for all students in most of the faculties. Tubaishat et al. (2006) explored the impact of ICT on higher education in Jordan. Their research results assured that the use of technology improved students communication skills and enabled them to be more independent. It also improved the motivation and confidence level of students, and enabled them to express their feelings and ideas more openly with others. Recent research has been conducted by Al-Mobaideen (2009) to assess the ICT diffusion in Jordanian universities. He pointed out that the most successful efforts to incorporate ICT innovations in Jordan have occurred through the government, which is committed to investing in education. He found that ICT is practised in Jordanian universities in both the academic and management environment, and that ICT is considered public policy. He also identified a set of critical success factors that would act as enablers for the successful implementation of ICT in Jordanian universities. These factors are: strategies and policies, infrastructure and networks, funding and sustainability, and culture. At government level, an ICT literacy programme for 20,000 government employees commenced in 2004 and staff have been trained to the International Computer Driving Licence (ICDL) level10. To increase dissemination of computer and Internet facilities among citizens, Jordan Telecom has launched a PC@every-home initiative in 2004, offering packages consisting of a personal computer, software, modem and dial up or ADSL access. The package includes delivery, warranty and Internet help disk for support; and, to encourage people to purchase,
7 8

http://www.moict.gov.jo www.escwa.org.lb/wsis/reports/docs/Jordan_2005-E.pdf 9 www.escwa.org.lb/wsis/reports/docs/Jordan_2005-E.pdf 10 http://www.escwa.un.org/wsis/reports/docs/Jordan_2005-E.pdf

The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

its price is estimated to be at least 40% lower than the market price, making it suitable for people on low incomes, as payments start at 15 per month spread over three years11. Another initiative offered by the government in 2007 was to provide a laptop for each university student, again at subsidised cost, starting at 10 per month. An informal Internet survey was conducted in 2007 by the JordanTelecom Company concerning landline telecommunications, to explore customers preferences. Asked if they would like to pay online, of the 741 respondents, 79% said that they would like to pay bills online, whereas 21% said that they preferred to pay physically12. This suggests that many people have the ability and willingness to engage in e-transactions. E-commerce awareness has been achieved through the establishment of an Ecommerce Information Center (EIC) in the Amman Chamber of Industry (ACI) in December 2000. The EIC is responsible for executing the rolling out of the training programmes, and for providing guidance and support to the private sector with regard to the implementation of e-commerce systems (Sahawneh, 2003). The Electronic Business Development Activity (EBDA) is a national initiative supported by the European Commission and executed by the EIC at the ACI in order to address the dissemination of e-commerce awareness in the business community of Jordan and to encourage firms to introduce IT into their activities (Sahawneh, 2003). In Jordan, most business organisations have websites to promote their products and services and to contact their customers (Titi, 2005). Several Jordanian companies have deployed e-commerce applications, including online payment, which has been adopted by firms in fields such as transport and delivery (e.g. Royal Jordanian Airlines and Aramex), commodities, flowers, confectionary, pharmaceuticals, car and hotel reservations and auction websites. Other companies provide the ability to pay bills online for such services as mobile and landline telephone networks. However, websites providing facilities for such etransactions are still very few in numbers. Regarding intellectual property law, Jordan joined the World Intellectual Property Organisation (WIPO) in 200413. It aims to regulate the storing, accessing and use of valuable intellectual property information in IT. Other laws and regulations have also been implemented in the ICT sector. For example, Electronic Transaction Law No. 85 (2001) covers e-transactions, e-records, e-signatures, e-documents and privacy issues14. However, according to Al-Mobaideen (2009), and based on empirical research, the legal environment is not well established to cope with ICT diffusion. Hence, the law of electronic works (Electronic Transactions Act No. 85/ 2001) should be implemented. The above developments indicate two main points: the government has undertaken several initiatives to promote IT in Jordan in various sectors and levels. However, more effort needs to be made regarding the e-government project and the legal legislation that organises the use of ICT. Secondly, the Jordanian people have become familiar with, and are willing to use technology in their daily activities. When combined, the aforementioned developments and initiatives indicate that Jordan has, and continues to be, a technology friendly country that is familiar with ICT initiatives (Mofleh et al., 2008). 4. LITERATURE REVIEW: PREVIOUS E-COMMERCE STUDIES IN JORDAN Before reviewing previous e-commerce research in Jordan, it is important to indicate what security means in the context of this research. From a customer perspective, the perceived security of an e-commerce transaction can be defined as the extent to which one believes
11 12

http://www.escwa.un.org/wsis/reports/docs/Jordan_2005-E.pdf http://www.jordantelecom.jo 13 www.escwa.org.lb/wsis/reports/docs/Jordan_2005-E.pdf 14 www.escwa.org.lb/wsis/reports/docs/Jordan_2005-E.pdf

The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

that the Web is secure for transmitting sensitive information Salisbury (2001, p.2), such as a credit card. Security perception is a subjective issue, which means that its meaning differs from one user to the next. In essence, there is a difference between the concept of perceived security and actual security. Actual security is represented in the security technology and mechanisms that fulfill security requirements: confidentiality, integrity, availability, nonrepudiation, authorisation and authentication. However, some users perceptions may include actual security, therefore, being termed the perception of reality (actual security). For example, if the customer perceives that using SSL (Secure Socket Layer) protocol, through the appearance of http followed by an s in the address bar, or through the presence of a padlock in the corner of their browser, that a particular e-commerce site is secure, this provides a perception that is relative to actual security where the SSL is used for data encryption, a technique for ensuring the security integrity requirement. Some perceived security is divergent from actual security; for example, if a customer perceives that the presence of a company address (location and telephone) or customer support via live chat over an e-commerce website means that the website is secure, then this perception is not related to the actual security requirements and technology. It is merely a feeling that the website is credible in the users own mind. However, even though some perceptions are very different from the actual security controls, they are still important. As stated by Sharma and Yurcik (2004), the look and feel of a website plays a significant role for users perceptions of usability and security. According to Aladwani (2003), Internet security was ranked the first concern of customers and business managers in Arab counties, such as Jordan in regard to the use of ecommerce. In Jordan, no specific survey has been completed with regard to security perceptions in e-commerce, but other related studies include that conducted by Alsmadi (2004) to investigate the attitude of 500 Jordanian customers toward online shopping. He found that the issue of security of online transactions was a major factor limiting their willingness to make greater use of online shopping. The following studies of e-commerce and e-banking adoption are of particular relevance to Jordan. A study, conducted by Sahawneh (2003) among 31 organisations using survey method, found that many factors hinder e-commerce success in Jordan, based on the viewpoint of the participants organizations. The first is cultural resistance, which prevents the consumer from using the Internet for trade with unknown and/or unseen parties. Other influencing factors include trust, risk and security. He states there is an absence of security and legal mechanisms to protect transactions and consumers from deceit. In addition, there is a lack of awareness in organisations of e-commerce benefits. He found that language is another limiting factor, because the local language is Arabic and the majority of websites are in English. A limitation of Sahawnehs study was that it investigated only the opinion of companies. Customers were not consulted, so it is difficult, for example, to judge whether they had problems with language or to assess their level of knowledge about e-commerce websites. However, this study was conducted in 2002, and e-commerce has progressed substantially in the subsequent eight years since the study. For example, many websites now support two languages, especially those that are initiated from Jordan and other Arab countries. In contrast, another study was carried out by Alsmadi (2004) to investigate the attitude of Jordanian customers towards using the Internet for online shopping. It had two important results: firstly, most Jordanian consumers are likely to have enough knowledge and skills to use such Internet services. Secondly, the issue of the security of online transactions was a key factor limiting peoples willingness to make greater use of online shopping. Al-Sukkar (2005) conducted research into the adoption of Internet banking in Jordan; he found that among the main concerns of customers and banks were security and privacy.
The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

Siam (2006) also reports that the majority of banks in Jordan that had introduced online services agreed that confidentiality and privacy were necessary for the success of the electronic banking business. Titi (2005) conducted empirical research to investigate the adoption of e-commerce by Small Medium Enterprises (SMEs) within Jordan. He found that most of the major barriers were concerned with government regulations, such as concerns about privacy and data security, and the lack of legal and business laws regulating e-commerce. Privacy and security issues were found to be among the main barriers to the success of e-commerce, besides other factors such as customers readiness, awareness and knowledge, which influenced the adoption of e-commerce. Titi reports that most of the respondents agreed that ensuring security would help in the adoption of e-commerce and influence their decision to do so. However, the study did not specify whether the nature of security was considered in terms of perceptions, of security technology and infrastructure, or of something else. According to a report prepared by the Peppers & Rogers Group (2006)15 to assess ereadiness in Jordan compared with sixteen other countries, Jordan has so far performed well with respect to the ICT sector, with respect to connectivity and infrastructure, human capital and innovative capacity in the IT industry. It did, however, identify a perceived gap in security and privacy in relation to e-commerce. Al-Qirim (2007) conducted a single case study to explore the adoption of e-commerce in a Non-Governmental Organisation (NGO), the Jordan Chamber of Commerce (JCC). The interviewed staff of JCC reported as stating that the concept of e-commerce is not yet widespread in Jordan. In respect to security, they mentioned some incidences of misuse of the Internet among the organisations employees, introducing harmful viruses to the network. The study indicated that there was no web security service in Jordan covering e-commerce infrastructure. Where establishing SSL in Jordan would require huge investments; the JCC is reported to deal with the VeriSign certification authority in order to have the SSL feature in its payment gateway. Al-Qirim (2007) states that the current unavailability of an e-payment gateway in Jordan was a barrier to successful e-commerce. While the study provides useful information for NGOs and explores useful issues regarding e-commerce, the researcher believes that it has some weakness. Firstly, the case study is unrepresentative, not merely in terms of population and sample, but in regard to the subject of the adoption and diffusion of e-commerce in Jordan. NGOs and non-profit organisations have different objectives and considerations from commercial firms, while the basis of e-commerce for buying and selling services and products entails profit and competition. Finally, all interviewees were JCC employees, while the customers viewpoints were not investigated. A recent research, using a survey of 100 firms with around 500 respondents, by Allahawiah et al. (2010) found that security concerns of payments barriers were the major factor affecting the adoption of e-commerce in the business in Jordan. However, this research has not investigated this factor in depth and has not provided insights about security concerns from customer's side. Security is a consistent barrier to the adoption and implementation of e-commerce for customers and organisations. Therefore, this research aims to facilitate the adoption of ecommerce by exploring the nature of these security concerns, both guiding by previous literature approaches and by exploration of fieldwork. 5. RESEARCH METHODOLOGY An interpretive case study (Walsham, 1995) has been adopted in this research in order to explore the perceptions of customers, businesses, and IT personnel concerning e-commerce
15

http://www.ituarabic.org/PreviousEvents/2006/ICTindicators2/files/Doc14-Jordan.pdf
The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

security. This research, which is qualitative and subjective in nature, involves examining and identifying the meanings of security from the participants in order to gain an understanding of the phenomenon under study. Interpretive research enables the researcher to understand the phenomenon in depth without being limited to certain predetermined hypotheses and factors that are defined from literature, so that issues can emerge from the natural setting of the context (i.e. Jordan). Semi-structured interviews, which are open in nature, were also used as the main data collection tool to achieve this goal. A total of 27 participants were involved in this study. Specifically, 15 of the participants are educated and experienced with using Internet services, and some of them are familiar with online transactions. In addition, there are 12 participants from several organisations, including managerial and IT staff from several businesses and IT companies. It is important to mention that the participating organisational members were selected from more than one organisation. The reason is that issues were expected to emerge from commercial companies that could not be found within the IT vendor companies that are responsible for developing e-commerce applications. Therefore, this selection approach will enable a wide range of relevant issues to be examined from the viewpoint of many interested parties. Typically, the researcher specified the group of interviewees who appeared most relevant to the study and based on purposive sampling. The users/customers were selected randomly, but keeping in mind that the participants should have at least some Internet experience in order to answer the research questions. The researcher also followed the guidelines of qualitative research proposed by Strauss and Corbin (1990), in that the sampling of new data is based on the analysis of that initially collected from the first interviews, where the emerging issues constantly guide the researcher as to the nature of future data, its sources and the issues to be discussed in subsequent interviews. The author presents and discusses only the interpretations and implications extracted from the gathered data of the issues presented in the following section. 6. RESULTS OF EMPIRICAL RESEARCH Several issues and implications for e-commerce and security can be drawn from the empirical results; these have been organised into seven issues as follows: 6.1 Tangible Features do not Guarantee Complete Security The organisational staff pointed out that there is no way to determine whether a website is secure. The justification for this doubt is that whilst tangible security features such as SSL or security certificates or https of the website may mean that its operator has an honest stance towards its customers, that their data is encrypted for transmission, that the websites identity is authenticated by a third party, and that this, as reported by one participant, means that the company will not deceive its customers, and that the website provides secure transactions, none of this means that the company is able to completely guarantee that it will not be hacked or have its security breached. In other words, as another participant stated, it is difficult for even well-known websites to guarantee total security. However, this leads to a reasonable enquiry: If no dependable criteria exist for distinguishing a secure website from an insecure one, what should the customer depend on to purchase online securely? In essence, this shows how such a significant role is played by the intangible indicators of security such as the fame or reputation of the website. This is a high priority for many customers in deciding whether to buy online, since this assures them that the websites operators have assumed the responsibility to protect their data. This was asserted by the organisations view that customers concerns focus on the reputation of the website, how well known it is, and how it scores on rating schemes, for example. It may be concluded that both tangible and intangible
The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13 security features are important and need to be considered by customers. 6.2

Security Insurance in E-commerce Websites and the Profits Returned (Economic Perspective) In order to provide a secure channel for online payments, a commercial enterprise has to find an IT provider to integrate an electronic payment gateway (EPG) with the website, which costs money and reduces the companys profits. One participant assessed this loss as being likely to exceed the profit generated, so that if the security insurance for a certain website involved a higher cost than the total profit that the company would earn from providing online services, then it would not be feasible to conduct business online. The participant also stated that if a certain item is sold in a shop for 50 JD, the shopkeeper would expect a profit of 5 to 10 percent on the item. However, if the owner wanted to sell the same item on the Internet, then part of that profit would go toward paying the EPG provider; and in some cases, the entire profit might be spent. Thus, the expenditure on e-commerce security should be lower than the profit earned by the company. This economic approach to security was also highlighted by another participant, when he pointed out that Some websites in order to reduce expenditure do not get a security certificate from VeriSign, just to save $500. 6.3 Physical Security as a Requirement for E-commerce Security Physical security means that physical goods (not digitised products) should be delivered to the customer with a guarantee of certain conditions. These conditions include the time of delivery and the conditional state of the purchased items. As reported by some customers, their concerns involve whether the items will actually be delivered, and whether the item is the right one. Physical security here has a different meaning than traditional physical security (accessibility to both the computers and servers, or safety from such equipment suffering damage, such as through a fire), as stated by Kesh et al. (2002). Here, the concept of security is expanded to encompass the safety of goods delivered to the customer. Logical security includes, for example, the security of transmitted data between the customer and merchant, such as credit card details, which are encrypted and guaranteed by a third party such as VeriSign. However, the argument concerning this issue involves neither logical security nor physical security (Kesh et al., 2002). Rather, physical security, as defined earlier, is another aspect that should be ensured. Similarly, just as third-party institutions guarantee logical security (for example, VeriSign provides security certificates), third parties also need to guarantee physical security through a secure delivery company. This enables the customer to check whether the website is guaranteed by a third party before ordering any items. For example, a reference number can be used or certificates provided by a reputable shipping company. 6.4 Security Awareness, Risk and Time Time is an important factor in customers awareness of security. This does not come suddenly but gradually, step by step, as indicated by those participants who suggested that it would take three to five years for e-commerce to become accepted as an ordinary purchasing phenomenon in Jordan, with customers believing that it is secure. One customer indicated that such a perception comes with experience over time, not instantly. The initial difficulties that new e-customers face are how to deal with the new technology and how to overcome the problem of the digital divide. Only then can they start to deal with the promotional and service websites that require them to provide data such as their name, address, telephone number and email address. At this point, the customers begin to perceive some risks accompanying this activity. Then when they start to order products and pay by credit card or engage in other online transactions, where the actual risk increases, their need to feel secure
The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

also increases, which changes their perceptions at each stage. Therefore, enhancing the customers perception of security involves a sequence of time, given that customers do not completely understand the risk immediately, but rather step by step. In addition, the volume of risk and the need for security awareness differ at each stage. 6.5 E-government is a Prerequisite for Successful E-commerce It is arguable that e-government is a phenomenon that increases the awareness of participation in e-commerce and not the reverse. In essence, this is a greater issue in countries where e-commerce is still in its infancy, and where every citizen who wishes to perform certain online traditional routine transactions such as paying bills or fees discovers that there is no other way to do this other than via the governments website. If payment is by a national electronic payment gateway that is secure and similar to that provided by the e-government website, then it is easy and feasible for customers to buy online, at least from any national business website that enables payment via a method similar to that provided by the egovernment portal, because they have already experienced the latter. One participant pointed out that not all customers/users are familiar with international electronic payment systems such as PayPal or 2Checkout. Hence, providing a national EPG would also enable businesses to use it on their websites with an interface similar to that provided by the e-government portal. Consequently, this would enable them to engage effectively in e-commerce, performing electronic transactions securely and at a low cost. Therefore, the initial success of e-commerce in Jordan correlates with the initial success of e-government; both need to be accepted by customers and businesses, with positive perceptions concerning matters of security and trust on common EPGs. 6.6 Actions Concerning the Psychological Aspects of Security It is necessary to change the way customers think and to reduce the effects the psychological aspects of security. This can be achieved by raising consciousness amongst users of what they should understand about websites and which security issues need to be checked and practised in order to reduce their feeling of fear, and by changing the misconceptions regarding the use of e-commerce. For example, the psychological feelings that affect the user as a result of the nature of e-commerce, related to anonymity and the absence of face-to-face interaction, can be reduced by the physical company in a number of ways. It can encourage customers to buy online by offering discounts or vouchers and by explaining that the security of the website is insured, so that if a customer has a problem, he or she can make a claim, especially when attempting to buy a product that he or she has already seen or touched in the companys physical premises. This is in accord with the responses of some customers who stated that if they want to buy online, they prefer to deal with a nationally known Jordanian company that has a physical presence in the marketplace. So-called click-and-mortar websites, which conduct their business both online and offline, are deemed credible by such users. 6.7 Cooperative Responsibility Dives the Effectiveness of Ecommerce Security Cooperative responsibility, which emerges as a core issue in this research, means that the success of e-commerce regarding security involves the responsibility of different entities that are complementary to each other, rather than a single responsibility. For example, it involves situations where the organisation fulfils its responsibility to apply the best security technology and the customers are aware of security practices on e-commerce websites, but if the organisation uses customers private data in an illegitimate way. In such a case, security is violated by the organisation, by failing to fulfil its responsibility to protect customer data. Some other participants considered the responsibility to be mutual between the user and the
The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13 e-commerce selling company. For example, one customer/user pointed out:

10

I think it is the companys responsibility to respect their customers by giving them the information concerning security and telling them how to check the website. But the person himself also has a responsibility he should learn about everything thats new. Government support is also a complementary responsibility. For example, one IT manager pointed out: We told the government: If you want e-commerce success then it is not acceptable to perform the transactions in a traditional way The government should move... He also suggested providing a secure national EPG via government which gives companies the ability to execute their business securely through it, as well as making them cost-effective, thereby encourages businesses to engage in e-commerce. He stated: This [developing national EPG] would also give businesses in Jordan ability to integrate this web service into their websites, where the same electronic payment gateway that is used in e-government websites would be used by business, as a result gaining the favour and approval of customers, convincing them that it was a secure way to pay online, since everything provided by the government can be guaranteed. As a result, this would reduce business costs compared with using international overseas electronic payment gateways which are not accepted or known by customers. (IT manager) The mutual cooperation of financial institutions such as banks and Jordan Visa with other entities like EPG developers to facilitate the use of credit/debit cards for online payment is another form of responsibility. For example one participant referred to the banks role by stating Banks in Jordan only allow cards to be used for purchasing online based on a request from the customer. Banks do not provide this service for all cards because they pay fees to Jordan Visa for each card, so they just provide it based on request... it is free for customers.. Now we propose a model for registration of all cards to buy online, but the fees are deducted from the banks by Visa if the customer wants to buy online the problem here is that the customer must register if he wants to use it online. This could cause confusion for the customer and here the bank has to tell the customer: If you want to use the card online you have to register online first .the popup window on the Visa page might worry him the easiest scenario is that the bank takes this step, not the customer (IT Manager) Banks play a significant role in promoting the culture of using credit cards to shop online, and this role still remains inactive in Jordan. For example, one participant pointed out that his bank officer warned him about using his credit card for online shopping. Therefore, there is a need to ensure the correct consciousness in bank staff in order to promote the culture of using credit cards rather than frightening people about their use. Warnings from the banks about the use of credit cards for online shopping are aggravating the psychological state of security. The banks also have an important role in issuing cards for limited amounts, thus enabling customers to use them for shopping online and reducing the level of potential
The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

11

risk. This was mentioned by one business manager: In addition, the bank has an important role to provide customers with limited cards for small amounts like $300 so this reduces the risk; therefore, the assistance should be provided by banks as well. In essence, the need for mutual responsibility is evident, as establishing e-commerce as a purchasing phenomenon on a national level involves the integration and efforts of all parties. 7. DISCUSSION Issues which emerged in this research provided insights about the nature of security concerns in e-commerce within Jordan. Theses issues are not technical, but rather they involve operational, organizational, and human aspects. They influence on the customer's perception of security and play an important role in implementation of security technology in ecommerce. Theses issues provide insights to e-commerce companies, banks and governments. This paper shows them the security concerns and how to address the issues concerning the development of e-commerce websites. For example, whether integrating a website with national or international secure EPS; focusing on tangible and intangible security features that serve as a stimulus for customers engagement on e-commerce; the economic approach to e-commerce security; and identifying new methods for mitigating the psychological state associated with customers. This research shows that the security challenge mentioned in prior studies pertains to the psychological feelings of customers including fears, and misconception about e-commerce and negative stories of credit card usage. It also draws the attention of the government and IT companies to the need to develop a secure EPS which is managed nationally in Jordan as an alternative to the international ones, thus enabling businesses to execute online payments while being accepted by local customers and economically accepted by the business; directs the decision-makers in Jordan to speed the development of the e-government project, since it impinges on the success of ecommerce, and urges the promotion of the culture of using credit cards for online transactions. One of the assertions made in this research is that most customers interviewed still do not have these, or do not like to use them for online purchases, so there is a need to encourage a culture of using credit cards and for banks to provide facilities as they still complicate the procedures of using them in online payments in that the customer has to request this service from the bank; it is not provided by default. In essence, there is a need for a raising of national consciousness regarding security in e-commerce in order to foster its acceptance and engagement in it. The government, IT providers, businesses and banks have to take their share of responsibility for increasing the awareness of security instructions, features and usage in e-commerce, where this responsibility is still weak. 8 CONCLUSION AND FUTURE RESEARCH Many previous e-commerce research studies have asserted that security is the main concern of both customers and businesses and a challenge to its success, particularly in Jordan. Therefore, this study investigated the current perceptions and viewpoints in respect to ecommerce security, seeking to identify the nature of security concerns from both of these perspectives. The research resulted in a number of issues that provide organisations with insights to guide them in the implementation of effective strategies to deal with the issues discussed in previous sections. Although the results arise specifically from the Jordanian context, similar research could produce the same results or extend it to new security-related concepts and issues if it is conducted within a context of similar properties and follows the same research methods. The researcher has established procedures that were followed in the research, from defining the
The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

12

research objective and choosing the research method, to the research findings and implications, and providing details of the context and setting (i.e. Jordan) in which the data was collected. Nevertheless, the generalisations and replications made relate to concepts and theories, and are not based on statistical generalisation. As stated by Walsham (1995), the generalisability in interpretive-qualitative research involves developing theories and concepts and drawing out implications. For future research, it is worth conducting a comparative study of two developing countries, where new and further insight might be expected to emerge and contribute to extending the body of knowledge. Another valuable area of future research would be to address the relationship between security and trust, as some participants confused the two concepts. This could be accomplished by using empirical research to discover whether the factors that influence security perceptions are the same as those that influence trust, whether only some are the same, or whether there is no relation, by investigating the respondents perceptions of both issues simultaneously. REFERENCES: Al Sukkar, A. and Hasan, H. (2005) Toward a Model for the Acceptance of Internet Banking in Developing Countries, Information Technology for Development, 11, 4, 381-398. Aladwani, A. (2003) Key Internet Characteristics and E-commerce Issues in Arab Countries, Information Technology & People, 16, 1, 9-20. Albuquerque, A. and Belchior, A. (2002) E-Commerce Websites: A Qualitative Evaluation. Paper presented at the 11th International World Wide Web Conference, Hawaii, USA, May 7-11. Allahawiah, S., Altarawneh, H. and Alamro, S. (2010) The Internet and Small Medium-Sized Enterprises (SMES) in Jordan, Paper presented to the World Academy of Science, Engineering and Technology, 62. Al-Mobaideen, H. (2009) ICT Diffusion In Jordanian Universities. Paper presented at the European and Mediterranean Conference on Information Systems, Izmir, Turkey, July 1314.. Al-Qirim, N. (2007) The Adoption and Diffusion of E-Commerce in Developing Countries: The Case of an NGO in Jordan, Information Technology for Development, 13, 2, 107-131. Alsmadi, S. (2004) Consumer Attitudes towards Online Shopping in Jordan: Opportunities and Challenges, Journal of Dirasat, 31, 1, 137145. Antn, A. and Earp, J. (2000) Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems. Paper presented at the 1st Workshop on Security and Privacy in E-Commerce at CCS2000. Daskapan, S. (2001) Where is the Internet Security Lack?: A Framework for Identifying Security Opportunities. Paper presented at the 6th EURAS Workshop on Standards, Compatibility and Infrastructure Development. Wateringen, Netherlands, 28th June, 45-70. Elsheikh, Y., Cullen, A. and Hobbs, D. (2008) e-Government in Jordan: Challenges and Opportunities, Transforming Government: People, Process and Policy, 2, 2, 83-103. Hawkins, S., Yen, D.C. and Chouo, D.C. (2000) Awareness and Challenges of Internet Security, Information Management & Computer Security, 8, 3, 131-143. Jarupunphol, P. and Mitchell, C. (2003) Measuring 3-D Secure and 3D SET Against E-commerce End-user Requirements. Paper presented at the 8th Collaborative Electronic Commerce Technology and Research Conference (CollECTeR (Europe) 2003), Galway, Ireland, 51-64. 9.

The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org

EJISDC (2011) 47, 3, 1-13

13

Katsikas, S. K., Lopez, J., Pernul, G. (2005) Trust, Privacy and Security in Ebusiness: Requirements and Solutions. Paper presented at the 10th Panhellenic Conference on Informatics (PCI'2005), Volos, Greece, November, 548-558. Kesh, S., Ramanujan, S. and Nerur, S. (2002) A Framework for Analyzing Ecommerce Security, Information Management & Computer Security, 10, 4, 149-158. Labuschagnce L. and Eloff, J.H.P. (2002) Electronic Commerce: The Information Security Challenge, Information Management & Computer Security, 8, 3, 154-157. Mofleh, S., Wanous, M., and Strachan, P. (2008) Developing Countries and ICT Initiatives: Lessons Learnt from Jordans Experience, The Electronic Journal of Information Systems in Developing Countries, 34, 1, 1-17. Sahawneh, M. (2003) E-commerce: The Jordanian Experience, Royal Scientific Society. Salisbury, W., Pearson, R., Pearson, A., Miller, D. (2001) Perceived Security and World Wide Web Purchase Intention, Industrial Management & Data Systems, 101, 4, 165176. Sharma, A. and Yurcik, W. (2004) An E-Tax Internet Filing System Incorporating Security and Usability Best Practices, Paper presented at the International Conference on Ebusiness and Telecommunication Networks, 25-28 August, Setbal, Portugal Siam, A. (2006) Role of the Electronic Banking Services on the Profits of Jordanian Banks, American Journal of Applied Sciences, 3, 9, 1999-2004. Strauss, A. and Corbin, J. (1990) Basics of Qualitative Research: Grounded Theory Procedures and Techniques. SAGE Publication, London. Suh, B. and Han, I. (2003) The Impact of Customer Trust and Perception of Security Control on the Acceptance of Electronic Commerce, International Journal of Electronic Commerce, 7, 3, 135-161. Titi, K.M. (2005) The Impact of Adoption Electronic Commerce in Small to Medium Enterprises Jordanian Companies. Paper presented at the International Conference on Ebusiness and E-learning, Amman, Jordan, 22-24 May. Tubaishat, A., Bhatti, A. and El-Qawasmeh, E. (2006) ICT Experiences in Two Different Middle Eastern Universities, Issues in Informing Science and Information Technology , 3: http://www.informingscience.org/proceedings/InSITE2006/IISITTuba153.pdf. Walsham, G. (1995) Interpretive Case Studies in IS Research: Nature and Method, European Journal of Information Systems, 4, 2, 74-81.

The Electronic Journal on Information Systems in Developing Countries http://www.ejisdc.org